Main menu

Solidarity against online harassment

One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided to publish this statement to publicly declare our support for her, for every member of our organization, and for every member of our community who experiences this harassment. She is not alone and her experience has catalyzed us to action. This statement is a start.

The Tor Project works to create ways to bypass censorship and ensure anonymity on the Internet. Our software is used by journalists, human rights defenders, members of law enforcement, diplomatic officials, and many others. We do high-profile work, and over the past years, many of us have been the targets of online harassment. The current incidents come at a time when suspicion, slander, and threats are endemic to the online world. They create an environment where the malicious feel safe and the misguided feel justified in striking out online with a thousand blows. Under such attacks, many people have suffered — especially women who speak up online. Women who work on Tor are targeted, degraded, minimized and endure serious, frightening threats.

This is the status quo for a large part of the internet. We will not accept it.

We work on anonymity technology because we believe in empowering people. This empowerment is the beginning and a means, not the end of the discussion. Each person who has power to speak freely on the net also has the power to hurt and harm. Merely because one is free to say a thing does not mean that it should be tolerated or considered reasonable. Our commitment to building and promoting strong anonymity technology is absolute. We have decided that it is not enough for us to work to protect the world from snoops and censors; we must also stand up to protect one another from harassment.

It's true that we ourselves are far from perfect. Some of us have written thoughtless things about members of our own community, have judged prematurely, or conflated an idea we hated with the person holding it. Therefore, in categorically condemning the urge to harass, we mean categorically: we will neither tolerate it in others, nor will we accept it among ourselves. We are dedicated to both protecting our employees and colleagues from violence, and trying to foster more positive and mindful behavior online ourselves.

Further, we will no longer hold back out of fear or uncertainty from an opportunity to defend a member of our community online. We write tools to provide online freedom but we don't endorse online or offline abuse. Similarly, in the offline world, we support freedom of speech but we oppose the abuse and harassment of women and others. We know that online harassment is one small piece of the larger struggle that women, people of color, and others face against sexism, racism, homophobia and other bigotry.

This declaration is not the last word, but a beginning: We will not tolerate harassment of our people. We are working within our community to devise ways to concretely support people who suffer from online harassment; this statement is part of that discussion. We hope it will contribute to the larger public conversation about online harassment and we encourage other organizations to sign on to it or write one of their own.

In the presentation "Mobile Networks in My NOC World", the picture of two vaguely familiar persons apparently being briefed on anal feeding techniques is apt because
* this pair surely have nothing to hide
* the room depicted happens to be GCHQ's troll den
* it is a rather small room, so you can tell when someone has made an, err... rectal emission.

But seriously, many thanks to Julian Assange, the Tor Project staff, Tails staff, Ed Snowden, and the intrepid reporters who are not afraid to inform the public about governmental misdeeds. And most of all, to the revolutionaries risking life and limb to make a positive change in the world.

Indeed, one of the trolls involved has been doing precisely this for every name he can map to a Twitter account. Every name on that list asked to be there, though. Sometimes confronting sociopaths requires a measure of courage.

"One of the problems of Free Speech is that when folks use it, others can use it against them."

The principle enemy of everyone anywhere in the world who struggles to advance free speech and privacy (and social justice and ecological stewardship and uncensored political discussions and economic stability and...) is NSA, the (near) global adversary which collects and uses the entirety of communications of every person living or dead to advance its own evil agenda (which often conflicts with the mission of other US government agencies, a fact we can leverage in the political arena in order to try to defend ourselves). We must never forget that one of the weapons this global adversary often uses is highly organized non-attributable trollery informed by advice from psychologists who specialize in promoting paranoia and discord, i.e. trolls.

In the coming months, NSA's most rapid supporters (such as Rep. Mike Rogers) will be attempting to use incidents such as

* the cyberattack campaign targeting Sony

* the harassment campaign targeting Tor developers

to further its unceasing demand for even more surveillance and cyberwar powers. I am already seeing editorials in leading US papers which mention NSA intrusion into "strategic" routers in overseas telecoms in the same breath as cyberintrusions attributed to "Guardians of Peace", without seeming to notice that breaking into someone else's electronic device is illegal and just plain wrong. Wrong when GoP does it, wrong when China does it, and yes, dead wrong when NSA does it. We must oppose and expose arguments that "the ends justify the means", which is of course the very argument used by Russia and China and North Korea to defend their own censorship and cyberwar capabilities.

It seems notable that NSA has actually been collaborating with China in a UN effort to "normalize" censorship in international law, under the rubric of an alleged "national security" need to counter "online rumors". Anyone who knows anything about what the Chinese government classifies as "online rumors" will understand the danger to democracy posed by the lamentable fact that one result of globalization has been that, even as the Chinese and Russian economies have become more like the US economy, the ideology of the US government has become markedly more authoritarian over the past two decades.

NSA is not above mounting a cyberattack or harassment campaign, in a non-attributable fashion, and then using it to argue that it needs even more surveillance and cyberwar and indefinite detention powers to ensure that US citizens remain unscathed in the new era of cyberchaos it has itself created through projects like Stuxnet. (Again, not a rumor, but established fact since the Snowden leaks contain hard evidence of such activity.)

This is not to deny that sometimes a troll is simply an ordinary garden troll. But thanks to Snowden it is now established fact that FVEY agencies have repeatedly and specifically attacked the Tor community, so we must all bear in mind that as Tor developers or even as users, we are more likely than other internet citizens to be "selected" for targeted attacks.

If NSA succeeds in crushing Tor, it will be free to pursue an agenda of global totalitarianism without opposition from ordinary citizens. But if Tor survives, maybe, just maybe, we can eventually eradicate this evil agency (through political pressure on the US government and through technical countermeasures which can eventually render NSA uneconomical for the US Congress to continue to fund).

I have been reading and thinking about the comments in this thread and in the related tor-talk thread. Several people have expressed concern about parts of the his blog post which Roger has since edited out (thanks!). But the concern remains.

I propose that the Project clarify the original blog post along these lines:

"Trollery relies on psychosocial vulnerabilities common to all people and to all communities. Unfortunately, it can be an effective means of disrupting a community when trolls succeed in isolating individuals in order to sow discord. Fortunately, it can be effectively countered when targeted communities simply join in making a strong statement of mutual support."

On a more personal note, to the people who have been targeted by these trolls: it might help to picture trolls as concrete statuettes, mere caricatures of evil standing in the rain making faces in the windows. The value of a statement of community support is that it shows that the real people in the community are on your side of those windows. I hope such mental imagery might help restore the proper perspective on trolls, which is that they should arouse amusement or irritation but never fear.

Years ago I wrote about the internet for my master's thesis. At the time I was very interested in the remote aspect of the technology and the ability for people to instantaneously connect from great distances.

I also saw the potential for abuse.

The bottom line is that our modern culture is accepting of abuse on many levels, so it was a matter of time before it became a problem online. We really need to examine cultural attitudes topwards not only women, but all marginalized groups.

There is a growing, not diminishing acceptance of abuse of all people in this country, particular those with perceived low social status. As long as it is tolerated throughout broader society, it will manifest online.

* Among these are operations whose intent is characterized (in formerly top secret FVEY presentations) as sowing dissension in order to disrupt some community whose activities are viewed as threatening to the state (for example, Wikileaks),

* Specific methods employed are known to include making defamatory claims about some members of the group to other members.

So these agencies clearly have the *ability* to troll the Tor community. But what would be their *motive*?

One plausible motive is the strong desire in CIA and NSA to prevent the prosecution for war crimes of people directly involved in kidnapping, torture, and assassinations:

The recent feature film "Zero Dark Thirty" lionizes a fictionalized version of Bikowski. I don't think enough is yet known about CIA/NSA counteroffensives (in the political arena and on-line forums) to say that this film is part of CIA "information operation" intended to influence world opinion, but I think there are ample grounds for suspicion. Nor do I think enough is yet known to say that USIC is behind the harassment campaign discussed in this thread, but I think there is sufficient evidence to warrant bearing this possibility in mind as the situation develops.

This is a critical time for the rogue agencies; there is a real possibility that some of their agents will face prosecution and even that the agencies will lose funding, especially as more sources contact journalists to tell what they know about state-sponsored criminality. Tor and Tails are technical tools which continue to play critical roles in enabling responsible journalists to cover these stories. It is already clear that CIA/NSA are desperate to cover up their crimes, and I think it makes perfect sense that they would try very hard to obstruct any activities which might help to ensure that the dark truth ultimately emerges from the shadows.

Among the hundreds of journalists who knew Bikowsky's name, only Glenn Greenwald and Peter Maass had the courage to finally publish it, for which they deserve our fervent thanks, precisely because, as several people pointed out above, in any civilized society governed by the rule of law, people who commit extremely serious crimes must be brought to account. It seems noteworthy that Greenwald has been a target of the USIC for years, no doubt because our enemies are terrified by anyone who refuses to be cowed by state power. We need more journalists like that, and more technical tools to protect their sources and to enable their vital work.

DARPA has funded unclassified academic research on both stylometry attacks and on possible defenses, such as anonymouth.

Their motivation for funding stylometry attacks is obvious, and verified by their unclassified statements: USIC is deeply concerned about citizen researchers who use "open source" documents to research and expose the nature and extent of the Surveillance-Industrial complex, in part because such research necessarily includes analyzing the interpersonal relationships of key figures in USIC and in the private companies on which it relies, which can result in exposing the identity of USIC operatives. But why would DARPA also fund research into *defenses* against stylometry? The answer is of course that USIC operatives themselves extensively employ anonymous postings in various "information operations" intended to influence public opinion or to alter the behavior of people who threaten to expose state-sponsored criminality. So the USIC feels a need both to deanonymize "opposing" posters using stylometry attacks, and to defend their own operatives against exposure using such attacks.

Unfortunately, USIC agencies are by no means the only US government agencies who wish to defeat open source projects like Tor which can enable citizens to assist journalists in exposing state-sponsored criminality while reducing the likelihood of reprisals.

It is now widely appreciated that in the realm of electronic surveillance, the advance of technology has enabled intelligence agencies to broaden the scope of real time surveillance from the political leaders of hostile states to... essentially everyone. In the same way, technical advances have enabled US agencies to broaden the scope of computer modeling of the cognition, emotions, and behavior of individual persons (and their reaction to proposed USG policies) from world leaders to... essentially everyone.

It is now possible for US agencies to simultaneously model millions of individuals (and their interpersonal interactions and their reactions to local governmental policies), seeking to determine which among a list of alternative proposed policies and/or "targeted interventions" can most effectively influence civic trends and/or the behavior of individuals flagged as allegedly potentially posing future threats of various kinds to "state interests". Some notion of the original motivation for and sophistication of such modeling can be found here:

Relevant buzzwords include "threat scoring", "predictive analysis", "algorithmic governance", and "suasion operations". Companies currently marketing such programs to the USG include IBM, SAS, and Palantir.

Threat scoring has rapidly evolved from computer modeling which targets alleged "terror networks" outside the USA (and spammers and credit-card scammers) to modeling which targets US citizens such as PETA activists and fracking protesters. The first tentative steps toward implementing such systems on a wide scale have already occurred, with little fanfare in the press (excepting specialized newsletters intended for LEA employees):

It is notable that in an interview in Der Spiegel, John Podesta (author of the eponymous report on Big Data) specifically said that such precrime threat scoring is the aspect of the "new Jim Crow" which most concerns him. From

"SPIEGEL: In your report on NSA and "big data" for President Obama, you describe the potential opportunities and threats of this technology. What dangers do you see of big data in the hands of a surveillance system like the NSA?

Podesta: I think about it more in the context of law enforcement. You begin to -- particularly with predictive analytics -- blur the line between the presumption of innocence and targeting individuals. We are in a constant state of both adopting the technology and trying to formulate policy that is consistent with a value base that respects civil liberties, respects the integrity of the person and respects the need to ensure non-discrimination. The technologies are powerful tools to both enhance those rights of freedom and expression. But there is also a dark side to all of this, too. It has the potential to have a chilling effect for the government to hold that much data. So it's a struggle to get the balance."

This rapidly evolving threat to the freedom of speech of ordinary citizens is just one more reason why everyone should use Tor when posting comments. And don't forget that the USIC intends to store everything for decades, and a comment which does not appear "controversial" today might easily be portrayed as "criminal" tomorrow.

Concerning links: one notable aspect of the Barrett Brown prosecution is that if federal prosecutors get their way (and in the US "justice" system they generally do), a legal precedent will be established ensuring that anyone who simply posts a link may incur the threat of a long prison sentence. This would represent a significant victory for those who seek to prevent the exposure in the press of corruption and state sponsored criminality.

Concerning expensive governmental programs which have no chance of success even on their own terms: even Wikipedia articles clearly expose why NSA/CIA/LEAs will never be able to accurately predict who will commit some rare criminal action years in advance. The underlying mathematical phenomenon is precisely the same as is often discussed in tor-talk in connection with discussions of traffic analysis, and in the wider world, in connection with programs which attempt to screen the general population for rare diseases. The problem is that almost all of the people who "test positive" do not in fact have the disease. In the same way, most events flagged by stateful firewalls are false positives, and most people flagged as "potential threats to LEA officers" do not actually pose such threats. Roger sometimes call this the "base rate fallacy" but this term is too imprecise.

"At least one type of information should be shared with U.S. critical infrastructure and financial firms—the IP addresses of Tor network nodes. Tor is a global network that helps users maintain anonymity by obfuscating users' true online locations. While it has many benefits, it is increasingly used to hide criminal activity online. The recent cyber attacks against JPMorgan Chase and Sony Pictures Entertainment highlight the need for such information sharing.
...
Tor, like other anonymity networks, has many legitimate uses. It is used by journalists, human rights defenders, and pro-democracy activists in countries where censorship is common and Internet access is tightly controlled and monitored. However, as cyber attackers become more sophisticated, they may use the Tor network in more cyber attacks, and use it to exploit the data they capture from critical infrastructure and financial firms. This will make it increasingly difficult for defenders to track and protect against cyber intrusions. There is no reason why legitimate bank customers, studio employees, or others that need to communicate with private firms like Sony Pictures or JPMorgan would need to use Tor. The U.S. government should provide the information it has on the constantly changing set of Tor nodes that exist around the globe. Tor IP addresses could then be blocked to prevent potentially damaging cyber attacks in the future."

Notice that Gonzales is proposing to share the IP addresses of *entry guards and relays* as well as exit nodes.

China, Russia, USA continue to move closer together in their attitude towards Tor. What a tragedy for democracy.

If thwarting banking cyberheists were the true goal here, there would be no need to for anyone but banks to block any IPs but the IPs of exit nodes, and these are publically available from Tor Project itself (updated every hour, even).

In fact, not only do we publish the directory information (both current and historical -- see metrics.torproject.org), we also offer a service designed for law enforcement (and relay operators after the fact) if they want to look up a given IP address and time:https://exonerator.torproject.org/

Also, I think the article (including Brian Krebs's article) misunderstands the data around number of bank attacks that involve Tor. I hope they actually publish the underlying report and numbers, so we can look for methodology errors like "we looked at the 1% of the attacks that seemed most unusual, and we found that many of those were Tor connections, therefore many of the whole data set of attacks are Tor connections."

If I understand the third paragraph correctly, the tor network was not directly involved in transporting the data away from Sony's servers, rather this was done using Sony's own playstation network. Only afterwards was tor then used, in a secondary manner merely to upload the data to file-sharing websites.

Taking this story as presented, it doesn't really make sense, especially the implication of tor being the critical problem. Why not use tor to extract the movies directly? Maybe because tor couldn't cope as easily as the playstation network with handling "perhaps several terabytes" of data in a timely manner? Maybe because playstations can download movies, and so large transports through that medium would look innocuous?

So the whole thing was found to be masterminded from a luxury hotel in Bangkok, Thailand, by "IP address sleuthing". The article doesn't tell us if a tor exit node was set up inside the hotel and happened to be used, or was deliberately used, or the mastermind was actually a pseudonymous client of the hotel and its wifi network. What was that post above saying about Thailand being a strong base for covert US operations again?*

"This circuitous route was used to mask the trail of the attackers and to enable large amounts of stolen data to be stealthily removed from the Sony network."

Really? The article just stated that tor wasn't the transport used to remove the data, and seems to assert it was definitely masterminded from Bangkok. It seems that tor was used only in part of the operation and maybe not enough of it or in the right parts, yet it gets all of the blame.

I can only conclude this article was written to meet a pre-formed opinion.

2. Tor node IPAs.

Yes, it seems the author is unaware that lists of tor exit node IPAs are public information. Or, maybe he hopes others remain unaware of this, perhaps he is hoping to win the government contract to run the dissemination service?*

"Notice that Gonzales is proposing to share the IP addresses of *entry guards and relays* as well as exit nodes."

I don't read that. Only the exit node IPAs need to be listed and blocked, surely? The rest is wasted effort.

3. Legitimately logging into a bank account with tor.

OK, here goes my main point ...

"There is no reason why legitimate bank customers, studio employees, or others that need to communicate with private firms like Sony Pictures or JPMorgan would need to use Tor."

"If thwarting banking cyberheists were the true goal here, there would be no need to for anyone but banks to block any IPs but the IPs of exit nodes ... "

Good counterpoint, but ...

When I became mentally ill, I wanted to research my illness, but keep its existence secret (stigma, employability, etc.). There was a problem though: recents laws meant my ISP was required to log which websites I was visiting, and store these for some time. The astute will get the privacy threat model. TAILS, thus tor, saved me there.

Recently, I spent several months in a mental hospital. Restriction take away many freedoms when you are there. Astonishingly, most patients had their mailing addresses changed to c/o the hospital, even for their banks, just to get their mail while being detained. Of course, I did not follow suit, wondering what my bank would make of me and my credit worthiness upon noting that I must be suffering from a mental illness. I still needed to access my bank account, and at least the hospital did provide internet access. What would happen, though, when I logged into my bank account? The IPA would no longer be that of my home, but what would my bank see? Again, the astute will get the privacy threat model.

I was lucky, the staff let me boot up TAILS (though I'm unsure most knew what I was really doing).

Maybe the hospital actually obfuscates the IPA for privacy. Maybe the bank does not really care to inspect the IPA. I doubt it. Try actually verifying this with hospital or bank staff, or their IT partners, and you're on your way into a Franz Kafka novel. There is no way to tell.

So, there you are, all, a legitimate reason to log into a bank account from tor.

Mr. Dingeldine, another 'use case' for you! Did you or anyone else expect that one?

Anyway, this is straying from the topic of this blog, and relates much more to the blog about tor being targeted. In my next post, I'll bring relevancy back by discussing censorship.

Right you are. I was answering this for somebody else, so I'll answer it here too:

Q: Doesn't being anti-harassment mean you are against free speech and pro-censorship?

A: No, it doesn't. We're fans of free speech and that means we're against censorship.

I really like the way Professor Jean Camp explains this apparent contradiction:

"""Threats are not about speech, they are about silencing. Threats are the opposite of dialogue. If a small minority of men can silence a great number of women, speech is not served. Any person who is silenced by threats of violence is damage to free speech.

Anonymity can and is targeted at supporting speech. Threats can and are targeted at silencing speech."""

Our statement against harassment is meant both as a gesture of support, and to raise awareness about the issue and try to get all of the neutral people in the middle to be mindful about it when choosing their behavior. The answer to bad speech is more speech.

This post is vague. If a person states that rape happens often and is awful but at the same time he/she does not believe that x or y woman was raped in any particular case, such as the U-VA rape allegation, will Tor retaliate by denying him/her privacy?

We aren't advocating removing protection from harassers. We didn't mean that we will undermine Tor or retaliate by escalating the harassment or involve government authorities to punish harassers.

Rather, the statement is about how we are now going to stand up and participate and discuss and engage with the topic of harassment and not stand quietly by, hoping somebody else will deal with it.

Some supporters have suggested that we change "not tolerate" to "not support" to avoid these misunderstandings. The problem with "not support" is that it allows us to say "This is wrong; I will contribute to fixing it by not participating." And that's exactly the response that's gotten us, the Internet community, to this point. Instead we need to contribute to fixing it *by participating*. That's what this statement is all about (and why it says "this is a start").

This is what I wanted to see. Thank you for your comments. At this point it seems that we cannot expect technology projects to not toe a political line, but as long as you continue to provide your service with no respect to political views I can continue to support you.

Way up above there somewhere, someone wrote that censorship is a necessary evil.

There is an ethics argument that you only know you are a good person if you have the potential to do evil deeds, but choose not to do them.

Tor is a tool that gives people the potential to do good deeds and evil deeds. It is our choices that define us, not tor.

If you censor evil deeds, how do you know people are now good? You can't (unless you are that 'privileged watchman', rather than the protected victim). Better is to allow people (and tor) to carry on and see what the outcome is. Better is to give the trolls their chance to be a troll. Only then, when it goes 'quiet' and things are civil, can we really say that the behaviour of people has reached a better standard.

Maybe trolls will always be here, but if we don't try it, how will we ever know we can reach that better standard? Any other way, censorship, harrassment, bullying, stupidity, are manners of failure preventing this.

In the meantime, when trolls do troll, we can speak out, document, complain, ciriticise, etc., to appeal to intelligence to select the better arguments. Doing that is taking a stand, but it is not consorship. It is the opposite of censorship.

In the end, we will get what we deserve, because it's a tautology really, which is a much better way to run things: tautologies never fail. :)

The only truly newsworthy part of the Sony megaleak is that the leaks confirm in detail what many have long suspected: that Hollywood actively collaborates with CIA in producing propaganda films such as "Zero Dark Thirty".

Many people in USG pay attention which RAND issues recommendations, even when its advice is highly questionable. (If memory serves, one of the most notorious past recommendations from RAND was its technocratic judgement, during the Reagan presidency, that one complete multimegaton thermonuclear detonation occurring in the USA every twenty years would constitute an "acceptable" rate of lethal mishaps involving US nuclear weapons. The good citizens of Kansas might beg to disagree.)

I think the Project should request an unredacted copy of the secret report issued by Financial Crimes Enforcement Network (FinCEN), which is part of the US Treasury Department, on 2 December 2014, alleging that Tor nodes are used in a large fraction of the most dangerous attacks on the US financial infrastructure. Brian Krebs says the he was given a copy of this report, which he describes here:

According to Krebs, the authors of the FinCEN report searched "6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014" for mention of the IP addresses of 6000 known Tor nodes (not just exit nodes?). Krebs says "investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity", but does that mean 975 of the 6048 SARS reports mention the known IP address of some Tor exit node, or that 975 of the known IP addresses of roughly 6000 Tor nodes are alleged to appear in SARS reports? Did these "investigators" even check that the machines with the suspect IP addresses are even listed as Tor exit nodes functioning during the time frame of the SARs reported incidents?

There are so many unanswered questions here that it is impossible to put any credence in the allegations publicized by Krebs unless he provides much more information about the evidence presented in the FinCEN report.

as evidence that Roger acknowledges that it is "necessary" for banks to block Tor exit nodes by IP, while seeming to acknowledge that Tor may have legitimate uses. But I think he may have misunderstood Roger. For example, consider the predicament of a US embassy employee who wishes to check his/her bank balance in a US account without tipping possibly hostile local ISP employees that the person associated with a particular local IP address banks at a USG credit union? Such a person might be tempted to use Tor to contact the banks webform (after all, the username and password are presumably protected by a properly configured and fully patched TLS connection).

On the issue of cybersecurity, I don't yet see any reason to conclude that Krebs is necessarily an ideological opponent of Tor, but I do see plenty of evidence that the Project should be trying to educate him about how good citizens use Tor.

Calling for the USG to encourage sites to block Tor nodes is like calling for the USG to recall the F-150 pickup truck (stamped "made in America") on the grounds that almost 20,000 US residents are killed each year in vehicular accidents, many no doubt involving the F-150.

in which he concedes that "a sizable number of readers remain unconvinced about the one conclusion that many security experts and the U.S. government now agree upon: That North Korea was to blame" and presents further arguments for attribution to DPRK. His first try is convincing everyone DPRK is to blame can be found here:

I don't think Krebs is being accurate when he implies that all the "experts" have accepted the DPRK attribution, while only "a sizable number of [inexpert] readers" continue to express doubt. There are plenty of seasoned cybersecurity experts who are also continuing to express doubt.

Some of the circumstantial evidence Krebs presents could, I argue, be more reasonably interpreted as evidence for a different attribution. For example, he writes:

"It is interesting to note that the attackers initially made no mention of The Interview, and instead demanded payment from Sony to forestall the release of sensitive corporate data. It wasn’t until well after the news media pounced on the idea that the attack was in apparent retribution for The Interview that we saw the attackers begin to mention the Sony movie."

This kind of ideological confusion or backtracking could be regarded as weak circumstantial evidence for the hypothesis that the 2014 megaleak is due to cyberhacktivists, perhaps assisted by disgruntled Sony employees (one might cite the precedent of the HB Gary Federal leak).

Krebs says

"Both of those terms reference the military classes of ancient Rome: “hastati” were the younger, poorer soldiers typically on the front lines; the “principes” referred to more hardened, seasoned soldiers. According to a detailed white paper from McAfee, the attackers left a calling card a day after the attacks in the form of a web pop-up message claiming that the NewRomanic Cyber Army Team was responsible and had leaked private information from several banks and media companies and destroyed data on a large number of machines."

Many literate people read history, and some occasionally adopt a nomme de guerre referencing ancient Roman history. This "evidence" could also be misinterpreted as evidence that Someone was trying to frame Edward Snowden for these cyberattacks.

Ironically, one of the bloggers whom Sony threatened in retaliation for discussing material from the leaks was... Brian Krebs. Further evidence that Sony is possibly the most clueless corporation on the face of this planet.

If only there were more people on this list. The thing I find most concerning with online harassment is the fact that people think they can treat you differently if they can't see you. Just go on YouTube and watch any prank/social experiment with the pranksters telling Facebook comments randomly to people in the street; just watch the reactions.

(Tiny quibble: as I understand it, Thomas White is a Tor volunteer but not a Tor staffer.)

Please correct me if any of the following are wrong:

* in the hour before 1430 hours on Fri 26 Dec 2014 UTC, about 3000-3500 new Tor nodes suddenly appeared
* the new nodes all have nicknames beginning "LizardNSA", and all but a handful share the tld googleusercontent.com
* all the Lizard nodes all had low bandwidth (or was the bandwidth manually zeroed by Tor staff action in the consensus?)
* within one hour, this was identified as an apparent Sybil attack and the new nodes were blacklisted
* yes, Lizard Squad briefly operated about "half of all Tor nodes"
* no, that's no cause for panic, because Lizard Squad never controlled more than a fraction of 1% of the total bandwidth
* the nodes were configured as Exit nodes but were also configured to "sinkhole" all traffic
* Lizard Squad posted a few messages to tor-talk from a riseup.net account which did not appear to offer a plausible explanation of their intentions

* someone trying to frighten or obstruct a small group of Tor users for obscure purposes with no relevance to the wider community?

* someone trying to give FBI an (absurd) "excuse" to NSL riseup.net?

We do know from Snowden leaks that a well established GCHQ tactic against Anonymous type disorganizations is to try to frighten away potential "associates" by tying certain domains or certain kinds of political activism to illegal activities. We also know that USIC and its allies tend to try to "justify" their surveillance dragnet by claiming that they have a "need" to predict whether or not peaceful political groups are about to turn "violent". So once again, Tor has been (maliciously?) "implicated" in a well publicized event which seems to benefit only the surveillance-industrial complex.

I would not discount the possibility that all these events are NSA or its allies mounting "false flag" attacks, but I am increasingly inclined to speculate that the most likely explanation for most or all of them is a small politically unaffiliated "hacking" [sic] group.

With respect to the discussion above of a possible connection between Gamergate and the harassment of Tor developers, it is intriguing that according to Wikipedia, Lizard squad

* previously targeted Sony a few months ago
* claims responsibility for taking down DPRK's internet a few days ago
* claims responsibility for DDOS attacks on two major gaming sites earlier this month and a few days ago

Unfortunately, Ball failed to mention the fact that Gen. Hayden revealed years ago that Bayesian inference using communications metadata (and modeling of the kind discussed in the IEEE Spectrum article) has been used for years by NSA in drawing up the targeting lists for drone strikes. As Hayden put it (quoting from memory, so this may not be the exact quote), "we kill people based on metadata" [and computer modeling]. Charming. I wish reporters would ask the academics cited in the Spectrum article to explain why their work is not morally equivalent to the work of the now infamous "torture shrinks".

I hope that all other reporters covering the internet know all about Bayes's formula and the failure of Bayesian inference in the presence of a tiny base rate. If not, the Tor Project should make sure to teach them. There are further serious errors governments are likely to make, if we let them, but let's start with the simplest error.

'The files have been heavily censored, but still manage to show that, either by accident or design, NSA staff routinely engaged in illegal surveillance with almost no comeback from management. Take, for example, the case of a female analyst who used the NSA's vast databases to conduct a little research on her husband. The report covering the first quarter of 2012 states that she accessed her hubby's personal telephone records to look for possible "targets," over a period of three years, and when found out was "advised to cease her activities."'

I see two possibilities, neither of which helps NSA defend against the growing clamor to simply eradicate this rogue agency:

1. no-one at NSA ever gets more than a "girls/boys will be girls/boys" snigger from the (male/female) boss,

2. Madam LoveInt *was* the boss (one imagines a breathless headline in the Crystal City Courier: "Teresa splits from James").

To those with knowledge of the details of loveint episodes, should the Lizard have no objection, might I suggest using Tails to contact journalists? If you don't like The Intercept, try The Hollywood Reporter.

The Register notes ACLU "was only able to file the request thanks to knowing specifically what to ask for, thanks to internal documents leaked to the world by Edward Snowden".

Once again, a heartfelt thanks to Snowden, who used Tails (and thus Tor) for the purpose intended. May his example further inspire our Fifth Column!

Roger's blog confused at least some non-gamers who initially had little idea what he was talking in this paragraph:

"The Tor Project works to create ways to bypass censorship and ensure anonymity on the Internet. Our software is used by journalists, human rights defenders, members of law enforcement, diplomatic officials, and many others. We do high-profile work, and over the past years, many of us have been the targets of online harassment. The current incidents come at a time when suspicion, slander, and threats are endemic to the online world. They create an environment where the malicious feel safe and the misguided feel justified in striking out online with a thousand blows. Under such attacks, many people have suffered — especially women who speak up online. Women who work on Tor are targeted, degraded, minimized and endure serious, frightening threats."

While the Gamergate harassment campaign may not be directly related to the harassment campaign obliquely referred to in the statement of solidarity, the following two items may clarify the reference to "serious, frightening threats":

Recent Updates

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.0.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.0.1-alpha is the first release in the new 0.4.0.x series. It introduces improved features for power and bandwidth conservation, more accurate reporting of bootstrap progress for user interfaces, and an experimental backend for an exciting new adaptive padding feature. There is also the usual assortment of bugfixes and minor features, all described below.

Changes in version 0.4.0.1-alpha - 2019-01-18

Major features (battery management, client, dormant mode):

When Tor is running as a client, and it is unused for a long time, it can now enter a "dormant" state. When Tor is dormant, it avoids network and CPU activity until it is reawoken either by a user request or by a controller command. For more information, see the configuration options starting with "Dormant". Implements tickets 2149 and 28335.

The client's memory of whether it is "dormant", and how long it has spent idle, persists across invocations. Implements ticket 28624.

There is a DormantOnFirstStartup option that integrators can use if they expect that in many cases, Tor will be installed but not used.

Major features (bootstrap reporting):

When reporting bootstrap progress, report the first connection uniformly, regardless of whether it's a connection for building application circuits. This allows finer-grained reporting of early progress than previously possible, with the improvements of ticket 27169. Closes tickets 27167 and 27103. Addresses ticket 27308.

When reporting bootstrap progress, treat connecting to a proxy or pluggable transport as separate from having successfully used that proxy or pluggable transport to connect to a relay. Closes tickets 27100 and 28884.

Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches. Tor 0.3.4.10 and 0.3.3.11 are also released today; please see the official announcements for those releases if you are tracking older stable versions.

The Tor 0.3.5 series includes several new features and performance improvements, including client authorization for v3 onion services, cleanups to bootstrap reporting, support for improved bandwidth- measurement tools, experimental support for NSS in place of OpenSSL, and much more. It also begins a full reorganization of Tor's code layout, for improved modularity and maintainability in the future. Finally, there is the usual set of performance improvements and bugfixes that we try to do in every release series.

There are a couple of changes in the 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.

We have designated 0.3.5 as a "long-term support" (LTS) series: we will continue to patch major bugs in typical configurations of 0.3.5 until at least 1 Feb 2022. (We do not plan to provide long-term support for embedding, Rust support, NSS support, running a directory authority, or unsupported platforms. For these, you will need to stick with the latest stable release.)

Below are the changes since 0.3.5.6-rc. For a complete list of changes since 0.3.4.9, see the ReleaseNotes file.

Changes in version 0.3.5.7 - 2019-01-07

Major bugfixes (relay, directory):

Always reactivate linked connections in the main loop so long as any linked connection has been active. Previously, connections serving directory information wouldn't get reactivated after the first chunk of data was sent (usually 32KB), which would prevent clients from bootstrapping. Fixes bug 28912; bugfix on 0.3.4.1-alpha. Patch by "cypherpunks3".